This privacy policy applies to TimeLimit. This enfolds the website timelimit.io
and the native App. Responsible is Jonas Lochmann. Die current contact details can be found at https://jolo.software/de/impressum/.
Your browser sends requests when opening the website, for the text and for the images. This requests contain always your IP address (if not anonymisation technology is used) and the URL of the requested ressource. Additionally, your Browser may send additional date, e.g. the so called user agent header or the previously visited website.
This data is used to send responses for the requests. It can happen that requests are still kept in the RAM or in the swap partition for some time after they were served.
In case of issues, logging may be enabled. This log contains your IP address, the URL, the http verb and the status code. This data is only used for diagnosing issues. It will be deleted after 7 days. The conclusions from the analysis (like IP addresses with very much requests) may be saved permanently.
When making contact, you have to provide contact details for a reply. This contact details are only used for the reply.
Additionally, you may provide additional data. This is used to reply to your request. Additionally, your data may be saved anonymised (e.g. a description of a bug or a feature request) and may be used for the development of TimeLimit.
You may send your request encrypted using GPG. You can find the key at https://keys.openpgp.org/vks/v1/by-fingerprint/2E5C672DE893055D04F5B7BC36B449FB5364BDC4.
Attachments, in special screenshots and logs, may contain personal data. It is recommend to remove this personal data before sending them.
When using TimeLimit, TimeLimit captures which Apps are installed. That includes:
This data is stored on your device.
If you are using the connected mode and you select a child user as an user of a device, then this list will be synchronized with the server of TimeLimit. This data will be stored there, sent to all devices assigned to your family and stored on these devices.
You can create categories in TimeLimit, for which you can select time limits and apps. A category includes:
This data is stored on your device.
If you are using the connected mode and you select a child user as a user of a device, then this list will be synchronized with the server of TimeLimit. This data will be stored there, sent to all devices assigned to your family and stored on these devices.
If you are using the connected mode, then a timestamp of the last change rounded to 48 hours is saved for usage duration entries. This is used to delete old usage duration entries.
When you use TimeLimit, TimeLimit captures the status of your device. This includes:
This data is stored on your device.
If you are using the connected mode and you select a child user as a user of a device, then this list will be synchronized with the server of TimeLimit. This data will be stored there, sent to all devices assigned to your family and stored on these devices. The TimeLimit Server can use the user id and if the user chose to not get asked for the password again for the authentication.
If you are using the connected mode, then the server saves the timestamp of the last connection from a device rounded to 12 hours. This is used to show in the device list if a device was not connected for a long duration and for automatically deleting old users.
If you chose to show the connection status of on device at the other devices, then - if the device is connected - a message is sent to all devices linked with the family. This data is not saved.
When you use TimeLimit, there are actions like changing of settings or saving the used time. These actions are exeucted directly in the local mode.
If you are using the connected mode, then these actions are stored on your device until TimeLimit sent them to the Server. The Server of TimeLimit does not store these actions, but applies them to the data which is stored on it. From there, the changed data is sent to all device assigned to your family and it's stored on this devices.
You can allow Apps in TimeLimit temporarily. Then, the package name of the allowed App is stored as long as the App is allowed.
This data is not transmitted.
You can add multiple users (parents and children) in TimeLimit.
A user includes:
This data is stored on your device.
If you are using the connected mode, then this will be synchronized with the server of TimeLimit. This data will be stored there, sent to all devices assigned to your family and stored on these devices.
In the connected mode, TimeLimit keeps an websocket connection to the server. This is used to trigger a synchronization when changes were made on other devices. This connection exists in the connected mode if:
TimeLimit provides the option to ignore the local clock and request the time via the Internet. If the feature is enabled, a request is frequently sent to the TimeLimit server.
If you are using the connected mode, every device gets a random token for the authentication. This token is stored on your device and on the server.
When you remove a device, then the authentication token is stored at a list which contains all old authentication tokens. This old token is not linked with any other data.
TimeLimit shows some hints only once/ does not show them again if you selected that. The hints which should not be shown again are stored on your device. This data is not transmitted.
You can change some parameters which are used for detecting the currently used App. This parameters are only saved at your device and are not transmitted.
In the connected mode, if and until when the premium version is valid is stored on the server. If or until when the full version can be used is sent to your devices and stored there.
If you buy the premium version, the new values are saved.
Additionally, every purchase is logged and stored permanently. A log entry includes:
Additionally, the terms of use and privacy of the payment service which you are using applies. When buying using a invoice, then the terms of section 2.4 apply.
TimeLimit regulary saves the last time at which the screen was on at your device. This is not transmitted. This is used for automatically switching to the default user.
Depending on the Android version, TimeLimit uses the permission for the usage stats access or the GET_TASKS permission. These are only used to detect the currently used App. Based on the currently used App, the App is blocked, allowed, or the remaining time is calculated.
The currently used App is not transmitted, but the resulting change of the remaining usage time is transmitted.
This permission is (depending on the configuration) used to detect or prevent an uninstallation of TimeLimit.
Depending on the coniguration, this permission is used to lock the device after a manipulation.
Depending on the Android version and the configuration:
TimeLimit uses the notification access to block notifications of blocked Apps. Notifications and their contents are not saved.
Additionally, music playbacks are detected and limited using this permission. This may cause updating the logged usage duration.
The used App is not transmitted, but the resulting changes of the usaage times may be transmitted to the server when the connected mode is used.
TimeLimit uses an accessibility service to press the home button before showing the lock screen. This fixes blocking in some cases.
By default, requests sent to the TimeLimit server are not logged. If there is a good reason (server is overloaded, technical issues, ...) the logging of requests can be enabled. Then, the executed action (e.g. query time, upload actions, do purchase), the IP address, the time and the used client are stored temporarily. This data is deleted as soon as it is not needed anymore, but not later than 7 days after logging them.
If you would like to add a device in the connected mode, you get a random text which you enter on the device which should be added. These tokens are assigned to your family ID on the server and are deleted as soon as they were used. If the tokens were not used they are deleted after 3 hours.
When authenticating a mail address, "you" (the client) gets a token for the authentication of the next requests. These tokens are assigned to your mail address and language and stored on the server, These tokens are deleted after 3 hours. Due to backups, these data can be saved for a longer time.
To authenticate, you can sign in with a mail address. In this case, a mail will be sent to the specified address. We can't control the storage of the mail at the transport and at your inbox.
When signing in by mail, the specified mail address and the system language is transmitted. The system language is only used to localize the sent messages.
The mail address, the sent code, the language and an authentication session token are saved for 3 hours to allow authenticating. Due to backups, these data can be saved for a longer time.
The mail server saves logs which contain the mail addresses for up to 2 weeks. These are used to analyze technical issues and to prevent abuse. There is no backup of this logs that is stored for a longer time.
Additionally, the mail address and the number of authentication attempts are saved for up to 24 hours to prevent too many requests.
Moreover, system information (app variant, app version and device attestation) is transmitted and used to prevent abuse. For that, the app version and app variant are attached to the sent mails.
To reduce the risk of data loss, backups of the database of the TimeLimit server are created regulary. These backups contain all data that is saved at this time and are saved for up to 4 weeks. The backups are encrypted with a asymmetrically and the private key is not saved at the server. These backups are only used to recover data after a technical failure.
Data of old users gets deleted if the premium version expired 90 days ago and no device assigned to the family has connected during the last 90 days.
You have the option to enable the background sync. If you enable it, your device periodically sends a request to the TimeLimit server to request the current status.
It is saved at your device if you have enabled the background sync.
In connection with the background sync, TimeLimit can show notifications at the devices. For that, the following is saved at your devices (independent if you enabled the background sync):
It's possible to select a contact whitelist. This list is only saved at the device and is not transmitted.
When setting TimeLimit as homescreen, then you can select the homescreen to show within TimeLimit. This is saved at your device and not transmitted.
To analyze the server workload, some values are captured like the cpu utilization and the number of processed app category assignments.
This is implemented using global counters so that this does not save personal data.
Depending on the source from where you got TimeLimit, TimeLimit provides the option to check if updates are available. If this is enabled, then requests to the TimeLimit server will be sent periodically.
When downloading TimeLimit using an external service, then the privacy policy of this external service applies.
TimeLimit can use the location access permission. This is only used to get the SSID and BSSID of the currently used WiFi network. Both values are hashed together. This hash is called network id.
It is possible to add network ids for categories. These are merged with a individual salt and hashed again before they are saved for a category. This salted and hashed network ids are saved at the device and - if the networking was enabled - are sent to the TimeLimit server and the linked devices.
If a category has got network ids, then the current network id is used to decide if the category should be blocked or not.
There is no additional usage of the location access or network ids.
You can create tasks in TimeLimit.
A task includes:
This data is stored on your device.
If you are using the connected mode and you select a child user as a user of a device, then this list will be synchronized with the server of TimeLimit. This data will be stored there, sent to all devices assigned to your family and stored on these devices.
An encrypted Container contains the following data that is saved at the server when using the connected mode:
If you are using the connected mode, then this will be synchronized with the server of TimeLimit. This data will be stored there, sent to all devices assigned to your family and stored on these devices.
The following data is saved only at your devices:
This kinds of data are saved in encrypted containers:
In the connected mode, your devices communicate using the server to exchange keys. For this, the following is sent to the server, saved there temporarily and sent to the other devices.
When linking multiple devices, then there are cases where the server is unreachable but some data should be sent to it that should not be saved locally readable. Due to that, the server creates keys that the client can use the encrypt data when saving data locally.
The following data is saved at the server for a DH key:
The current public key with its ID is sent to the device. The keys are used to decrypt data that was encrypted with it.
TimeLimit allows adding U2F keys.
The following data is saved for a U2F key:
This data is saved at your device.
If you are using the connected mode, then this will be synchronized with the server of TimeLimit. This data will be stored there, sent to all devices assigned to your family and stored on these devices.
This data is used for the user authentication only.
When signing in with a U2F key, then a message is sent to the server to trigger the generation of a new challenge.
The attestion certificate of the U2F key is not used and not transmitted to the server.
When buying using a invoice, then you will get a invoice. This invoice contains your name and your mail address. Additionally, it contains your postal address, if you provided it.
The invoices are saved for 11 years encrypted due to the retention obligation. If required by law, then the invoices are transmitted decrypted to the departments which have the right to access them.
The bank transfers which are used for the payment are logged. This log is kept for up to 11 years and contains your name.
You can create a new mail address for doing the purchase, but you can not provide a wrong name for the bank transfer.
If you do not accept this collection and storage, then you can not buy using a invoice. In this case, you can host a server yourself.
The TimeLimit server is hosted by Hetzner Online GmbH and/or netcup GmbH. There is an commissioned data processing contract with both companies. The server location is Germany.
Additionally, when downloading TimeLimit using Google Play, then the privacy policy of Google applies. Google processes usage statistics, crash reports (if not disabled) and payments. When not downloading TimeLimit using Google Play, then google may still process usage statistics and crash reports, depending on your device and its configuration.
You have the right to ask for confirmation as to whether the data in question is being processed and for information about this data as well as for further information and a copy of the data in accordance with Article 15 of the GDPR.
In accordance with Article 16 of the GDPR, you have the right to demand the completion of the data concerning you or the correction of the incorrect data concerning you.
In accordance with Article 17 of the GDPR, you have the right to demand that the data in question be deleted without delay, or, alternatively, to require a restriction of the processing of data in accordance with Article 18 of the GDPR.
You have the right to request that the data relating to you provided to us be obtained in accordance with Article 20 of the GDPR and to request that it be transmitted to other persons responsible.
You also have the right under Article 77 GDPR to file a complaint with the competent supervisory authority.
You have the right to revoke granted consent in accordance with Article 7 (3) GDPR with future effect
You may at any time object to the future processing of your data in accordance with Article 21 of the GDPR. The objection may in particular be made against processing for direct marketing purposes.
If you have any questions about this which are not answered by this privacy policy, you can always contact us under the contact information specified in the imprint.
Only encrypted connections are used at the website and in the App. It can happen during the transmission of mails that the connection is not encrypted.
Security updates are installed regulary and updates are created regulary.
This privacy policy is from 9th April 2024 and the currently valid version.
This privacy policy can be changed due to legal changes and App changes. The current version is always provided at this website.
If you have got any questions which this privacy policy did not answer, then you can use the contact details from the imprint to send a request.